On 08.08.2014 13:14, Ludwig Nussel wrote: > Stef Walter schrieb: >> On 07.08.2014 17:17, grantksupp...@operamail.com wrote: >>> I've tried repeatedly to get subscribed @ p11-glue LIST; can't seem >>> to get a response from the list daemon. So, mailing you directly -- >>> hoping you might spare a moment to comment? >>> >>> I run Opensuse 13.1 >>> >>> I've installed, >>> >>> rpm -qa | egrep -i "ca-certificates|pkcs11" | sort >>> ca-certificates-1_201312011643-4.1.noarch >>> ca-certificates-cacert-1-15.1.2.noarch >>> ca-certificates-mozilla-1.97-3.12.1.noarch >>> libpkcs11-helper1-1.09-5.1.2.x86_64 pam_pkcs11-0.6.8-4.1.1.x86_64 >>> pkcs11-helper-1.09-5.1.2.x86_64 >>> >>> When I exec >>> >>> /usr/sbin/update-ca-certificates -v -f >>> >>> some -- NOT all! -- of my machines return a some "p11-kit: invalid >>> basic constraints certificate extension" messages, >> >> Could you try out the patches attached to the following bug, and let me >> know if it fixes the problem for you? >> >> https://bugs.freedesktop.org/show_bug.cgi?id=82328 > > I've applied that patches to the 13.1 package: > http://download.opensuse.org/repositories/home:/lnussel:/branches:/openSUSE:/13.1:/Update/standard/
Does it fix the issue? Looking for someone else to test it. > Just curious, why does the code path hit a point where it sees an > invalid public key? This line sets the type field to CKA_INVALID, but then other code still assumed the struct was valid without checking the type field. http://cgit.freedesktop.org/p11-glue/p11-kit/tree/trust/builder.c?h=stable#n643 Stef _______________________________________________ p11-glue mailing list p11-glue@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/p11-glue
